Store OAuth2 token securely in the KeyStore and reference the account in the AccountManager

My web API requires an authentication token to access protected resources. I can query and receive them, and destroy the API. Now I want to save this token for later use.

I know it is difficult or even impossible to store sensitive data securely, but this article suggests using KeyStore to store tokens, which might be the best way. I read somewhere that the stock email app also uses this approach, but unfortunately I can't remember the source.

I would like to use the KeyStore in conjunction with the AccountManager, so the user can view and manage all registered accounts (tokens) on their device.

Is it possible? If so, how can I achieve this? I cannot find a way to "bind" the link to the keystore entry in the account.

Any suggestions or alternatives are appreciated! Thanks in advance!

+3

